© Copyright 2014 Hewlett-Packard Development Company, L.P. Steering the Battleship to a Secure path...
Steering the Battleship to a Secure path
Bringing the product security message to HP Software
Tomer Gershoni, Chief Products Security Officer, HP Software
OWASP Israel Conference, August, 2014
About me
• Overall, more than 12 years in the Information Security Domain
• 5 years at HP Software
• Started with 3 years as HP Software as a Service (SaaS) Chief Information Security Officer
• Before: MOD, Mirs/Motorola, Cellcom
HP Software Security & Trust Office
HP Software Security & Trust Office has been the unit in HP Software responsible for Product Security for the last 2 years
What Are We Not Going To Talk About?
Our Best Of Breed Security Products
Or Our Super Cool IT Operation Management & Application Delivery Management Products
Don’t Worry, No More Pictures
We Are Going To Talk About?
Our new HP LaserJet Enterprise 700 series
If we have time…
We Are Going To Talk About?
Running Product/Software Security in a Large, Global Enterprise
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP is one of the world’s largest technology companies, delivering innovation in printing, personal computing, software, services, and IT infrastructure.
HP Strategy - Provide Solutions For The New Style of IT
• Services: Advise, Transform, Manage, Finance
• Printers & Personal Systems: Printers, PCs, Tablets
• Converged Infrastructure: Servers, Storage, Networking
• HP Software: Security, Analytics, IT Management
• Security, Mobility, Big Data, Cloud
HP in Israel: 5 business units, 8 sites:
• HP Labs: Haifa
• HP Scitex: Caesarea | Natania | Ashkelon
• HP Israel: Raanana
• HP Software: Yehud
• HP Indigo: Ness Ziona | Kiryat Gat
30 employees
5,673 employees
650 employees
1,500 employees
1,243 employees
2,250 employees
Driving the New Style of IT
HP Software
HP Autonomy: Simplify how you manage human information
• Customer Communications Management
• Information Analytics
• Information Management & Governance
• Marketing Optimization
HP Security: A new style of security to disrupt the adversary
• HP TippingPoint
• HP ArcSight
• HP Fortify
IT Operations Management: Automate and monitor cloud and infrastructure
• Business Service Management
• Service and Portfolio Management
• Cloud Automation
Application Delivery Management: Test and deliver packaged, web, cloud & mobile apps
• Application Lifecycle Management
• Agile Manager
• Quality and Performance Testing
• HP Anywhere
HP Vertica: The analytics engine for speed and scale
• HP Vertica Analytics Platform
HP HAVEn – Big Data platform
HP Software
• Top 10 Software company
• Leading products in leading markets
• 95% Customer satisfaction
• 7,000 Technologists driving innovation
• #1 or #2 in all markets where we compete
• 50,000+ Customers
• 94% of Fortune 100
• TSIA rated Outstanding
• One of the largest SaaS providers
The early days…
2 Years ago…
HP Software Product Security Point Of View
The starting point…
2012
Our Journey Course
• FY13: Diagnosis & Foundation
• FY14: Execution
• FY15: Products’ Security market lead
Some Improvement Made (But More is Required)
More than 150 security bulletins & customer communications released in 2014
We Are Going To Talk About?
Employees Commitment and Understanding
Gain Management Engagement (and Funding)
Bottom Up
Top Down
Business Alignment
HP Software Security & Trust Office Vision
Position HP Software product security as a market business differentiator by branding HP Software as the market lead in product security, and reduce overall organizational security risk.
Gain Management engagement
Employees Commitment and Understanding
Gain Management Engagement (and Funding)
Bottom Up
Top Down
Business Alignment
Software Lifecycle Management Framework
Identify and Share the risks!!
1 Define product criticality
• Security & Trust CPSO & Management
Continuous risk identification & analysis
• Security lab, security leads
Determine vulnerability score (VS)
• Security lead, security risk manager
Finalize mitigation plan
• Security lead, R&D teams, PM's
2 3 4 5 6
Business Oriented Jargon
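| Segment | Criteria | Scale | Weight |
|---|---|---|---|
| Business | Annual Revenue | >= $200M | 30% |
| | | $100<=AR<$200M | |
| | | < $100M | |
| Business | Business Strategy (P/G/A) | P | 20% |
| | | G | |
| | | A | |
| Security | Processed Data Type | S. PII | 25% |
| | | Business/technical | |
| | | Non sensitive data | |
| Security | Deployment Model | SaaS | 25% |
| | | On Premise with Web Presence Potential | |
| | | On Premise Only | |
| Security | Breach History | > 1 in past year | 10% |
| | | = 1 | |
| | | 0 | |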
Criticality = What will happen if.. Vulnerability Score Risk Profile
Formalizing a vulnerability scoring toolbar (VST) for risk evaluation
Risk Evaluation Consistency
Vulnerability calculator segments
Risk level determination
What’s The Cost ?
Example

Security development lifecycle – how much will it cost?
Topic: Product Delivery Model (In Days)

| SLM Activities (Total in Days) | Major Version | Continuous delivery | New Product |
|---|---|---|---|
| Dev | 44 | 20.5 | 42 |
| Sec champ' | 32 | 44 | 40.5 |
| QA/SCOE | 33 | 8.5 | 17 |
| PMO | 8 | 11.5 | 11 |
| Architects | 16 | 17.5 | 24 |
| Total | 133 Days | 102 Days | 134.5 Days |

So how much fixing it will cost me?

| Product Name & Version | Current Risk Distribution | Current VS | Efforts Required to Reduce all High risks | Efforts Required to Reduce all Medium risks | VS Post Resolution |
|---|---|---|---|---|---|
| Product A release 5.5 | High 4, Medium 14 | 23 | 40 days | 147 days | Low |
| Product B Release 2.1 | High 9, Medium 2 | 29 | 41 days | 10 days | Low |
Management Accountability
Release Sign Off
A release sign-off process was established, requesting the relevant stakeholder's approval based on the risk profile found.

0-2 years products | 2+ years products

Criticality: 1<=Criticality<=3. Vulnerability score: 1<=VS<=100.

| Criticality \ Vulnerability score | High (VS>30) | Medium (10<VS<30) | Low (VS<10) |
|---|---|---|---|
| High (<=2) | GM | GM | VP PM |
| Medium (1.5<=x<2) | GM | GM | SPM |
| Low (<1.5) | VP PM | SPM | SPM |

| Criticality \ Vulnerability score | High (VS=>30) | Medium (10<=VS<30) | Low (VS<10) |
|---|---|---|---|
| High (<=2) | GM | GM | VP PM |
| Medium (1.5<=x<2) | GM | VP PM | SPM |
| Low (<1.5) | VP PM | SPM | SPM |
PU “A” Product Security Plan – Risk Reduction Status
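Column groups: Previous QBR (Last QBR VS, Agreed VS Objective); Current Status (# Of Risks: Critical, High, Medium, Low, Total; product VS; Risk Profile; Met objective?); Commitment Objective, Next QBR (Objective for release and future release, Date)

| PU | Product & Version | Last QBR VS | Agreed VS Objective | Critical | High | Medium | Low | Total | Product VS | Risk Profile | Met objective? | Objective for release and future release | Date |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| A | Tinky Winky v.1 | 17 | 14 | 0 | 2 | 14 | 1 | 17 | 17 | GM | NA | 14 | 09/24/14 |
| A | Dipsy v.2.5 | 10 | 8 | 0 | 2 | 5 | 6 | 13 | 10 | GM | NA | 8 | 09/24/14 |
| A | Laa-Laa v. 3.5 | 29 | 23 | 0 | 5 | 3 | 2 | 10 | 18 | GM | √ | 16 | 12/24/14 |
| A | Po 11.24 | 1 | 1 | 0 | 0 | 0 | 6 | 6 | 1 | PM | √ | 1 | 12/24/14 |
| A | Noo-Noo v.9.33 | 22 | 18 | 0 | 4 | 3 | 0 | 7 | 14 | VP PM | √ | 12 | 12/24/14 |
| A | Sun v.11.24 | 29 | 23 | 0 | 7 | 11 | 2 | 20 | 29 | PM | NA | 23 | 09/24/14 |

Legend: High Criticality | Medium Criticality | Low criticality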
Employees Commitment
Employees Commitment and Understanding
Gain Management Engagement (and Funding)
Bottom Up
Top Down
Business Alignment
Develop & run a global Security experience program
Building Security from the Ground Up
• Building a Security Training Center
• Security Trainings
• ‘Secure Our Software’ WW security awareness events
• Starting point
Security Experience - Execution
Building a Security Training Center
Security Trainings: Global security training program
8 Courses
• Cloud security course
• Java secure coding
• Application Security for QA
• JS / HTML5 / Angular secure coding
• .Net secure coding
• Mobile secure coding / Phone gap
• .Net Client server secure coding
• Security for managers (2014)
1,421 employees Trained Globally
SOS 2014 | Secure Our Software | Worldwide Event
Security Experience - Execution
More than 1000 employees attended
• Shanghai, China: 250 employees participated
• Yehud, IL: 300 employees participated
• Sunnyvale, US: 150 employees participated
• Bangalore, India: 300 employees participated
Current Status
Current status 2014 goal
We Are Going To Talk About?
Employees Commitment and Understanding
Gain Management Engagement (and Funding)
Bottom Up
Top Down
Business Alignment
Business Enablement – Tools To Help You
Customer Websites
Security Assurance Letters
Security White Papers
• Customer website
Business Enablement – Tools To Help You
• 3rd party assurance letter
Customer Websites
Security Assurance Letters
Security White Papers
Business Enablement – Tools To Help You
• Security white paper
Customer Websites
Security Assurance Letters
Security White Papers
HP Software Response Center
Incident Response – Is It Really Important?
Central point of contact for all reported security issues
Building an Incident Response Center
Risk Management | Secure Development Life Cycle | Security Experience (Education) | Response Center | Business Enablement | ITOM security status
HP Software was one of the first software vendors to release a formal public response
Did It Do Any Good?
Summary
To summarize – the Key Success Factors in a products security program
• Risk Assessments and Transparency
• Talk the business language:
  • What’s the impact?
  • What’s the investment that the business needs to put to remediate the risk?
  • Work together with the business to find the best cost efficient solutions
• Timely response – Customers and deals are not waiting for you
• Think out of the box
• Act with multidisciplinary approach – don’t throw empty phrases
When It Comes To Security
You Must Connect the dots and LEAD!!!
Management
Support
R&D
Field
Sales
Corporate
Upcoming challenges or trends (or at least wishful thinking)
What’s next?
• Certifiable product security standard (Not ISO 27034)
• Mobile Security
• Products Privacy
• Big data changes everything
• DEVOPS, DEVOPS, DEVOPS…
Follow up
• HP Software Security & Trust Office Website: http://www8.hp.com/us/en/software-solutions/enterprise-software-security-center/index.html
• We’re Hiring – send your CV to: [email protected]
Thank You
Q&A